CVE-2025-5520
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2025-5520
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-5520.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2025-5520
- Published
- 2025-06-03T18:15:27Z
- Modified
- 2025-06-09T16:46:56.250288Z
- Summary
- [none]
- Details
-
A vulnerability was found in Open5GS up to 2.7.3. It has been classified as problematic. Affected is the function gmmstateauthentication/emmstateauthentication of the component AMF/MME. The manipulation leads to reachable assertion. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The name of the patch is 9f5d133657850e6167231527514ee1364d37a884. It is recommended to apply a patch to fix this issue. This is a different issue than CVE-2025-1893.
- References
-
- https://vuldb.com/?ctiid.310956
- https://vuldb.com/?id.310956
- https://vuldb.com/?submit.582269
- https://github.com/open5gs/open5gs/issues/3910
- https://github.com/open5gs/open5gs/issues/3910#issuecomment-2926719317
- https://github.com/user-attachments/files/20362243/Problematic.handover.required.process.zip
- https://github.com/open5gs/open5gs/commit/9f5d133657850e6167231527514ee1364d37a884
Affected packages
Git / github.com/open5gs/open5gs
Affected ranges
- Type
- GIT
- Repo
- https://github.com/open5gs/open5gs
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
v0.*
v0.1.0
v0.1.1
v0.2.0
v0.3.0
v0.3.1
v0.3.10
v0.3.11
v0.3.2
v0.3.3
v0.3.4
v0.3.5
v0.3.6
v0.3.7
v0.3.8
v0.3.9
v0.4.0
v0.4.1
v0.4.2
v0.4.3
v0.4.4
v0.5.0
v0.5.1
v0.5.2
v1.*
v1.0.0
v1.1.0
v1.2.0
v1.2.1
v1.2.2
v1.2.3
v1.2.4
v1.3.0
v2.*
v2.0.0
v2.0.18
v2.0.22
v2.1.0
v2.1.1
v2.1.3
v2.1.4
v2.1.5
v2.1.7
v2.2.0
v2.2.1
v2.2.6
v2.2.7
v2.2.8
v2.2.9
v2.3.0
v2.3.1
v2.3.2
v2.3.6
v2.4.0
v2.4.1
v2.4.3
v2.4.4
v2.4.5
v2.4.7
v2.4.8
v2.4.9
v2.6.1
v2.6.2
v2.6.3
v2.6.4
v2.6.6
v2.7.0
v2.7.1
v2.7.2
v2.7.5